MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4ba7e998f08cc08353169560467f5401d4dc868d8876c4fb36982ab92b29250. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f4ba7e998f08cc08353169560467f5401d4dc868d8876c4fb36982ab92b29250
SHA3-384 hash: 5e02afa12c860fc76189089b516f2f4f0f537d0d991a203eed60ad46c4d093ad1217879c6b423d01df725f3f79ff9388
SHA1 hash: d20388941ba9d35d783fb6707817e30570022dd5
MD5 hash: 96ff25f7d41a4855d540d9ffc871a0a5
humanhash: vegan-victor-mirror-bakerloo
File name:ΠΡΟΣΑΡΤΗΜΑ ΕΓΚΡΙΣΗΣ ΠΛΗΡΩΜΗΣ.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:389'248 bytes
First seen:2020-07-16 18:47:55 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:I//di55Yp4t54Ru0bfn5c49i8AFufLQ6nX9O725w8xSbCAJDGpbiMio12c0+8:IndkEkQ95aRnaX9O72Sl2bKc/0j
TLSH FF8423A7F60E01DBF52F610580DE5EBD0343A67D5DA62E409A39164EED2889C1F342BC
Reporter abuse_ch
Tags:AgentTesla geo GRC gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: alpha.solidgateway.net
Sending IP: 46.4.19.83
From: OVG P.L.L <reservations@vega.com.gr>
Subject: ΠΡΟΣΑΡΤΗΜΑ ΕΓΚΡΙΣΗΣ ΠΛΗΡΩΜΗΣ
Attachment: ΠΡΟΣΑΡΤΗΜΑ ΕΓΚΡΙΣΗΣ ΠΛΗΡΩΜΗΣ.gz (contains "ΠΡΟΣΑΡΤΗΜΑ ΕΓΚΡΙΣΗΣ ΠΛΗΡΩΜΗΣ.exe")

AgentTesla SMTP exfil server:
smtp.lokalboyz.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CAP_HookExKeylogger.16082.630.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f4ba7e998f08cc08353169560467f5401d4dc868d8876c4fb36982ab92b29250/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 18:49:04 UTC
AV detection:
14 of 48 (29.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6s5h5gmpbdgaqnjrnflaiz7viaou3sdi3cdwyt5tngbkxevssjia._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip f4ba7e998f08cc08353169560467f5401d4dc868d8876c4fb36982ab92b29250

(this sample)

AgentTesla

Executable exe b84f51a8448ff531ac11939b6ed24a854cb9a72926fce8f5bcf3e07781bf98f6

  
Dropping
MD5 e185c970fb0e8f1557f0301f3ed162d3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b84f51a8448ff531ac11939b6ed24a854cb9a72926fce8f5bcf3e07781bf98f6

Comments